Forum Discussion

Anon414's avatar
Anon414
Copper Contributor
Aug 25, 2020

Protection of CUI via email

Is there a secure and compliant way to transfer CUI using Outlook (SC.3.177 requires FIPS validated cryptography)? Does this require a GCC or GCC high license if you are only using this function?
Anupam_K_Gupta's avatar
Anupam_K_Gupta
Former Employee
Sep 02, 2020

Anon414 - great question.

Let me point you to a few sources:
https://docs.microsoft.com/en-us/microsoft-365/compliance/offering-fips-140-2?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/email-encryption?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/ome-advanced-message-encryption?view=o365-worldwide

These services are built using Azure Rights Management Services which do support FIPS 140-2 requirements.

https://docs.microsoft.com/en-us/azure/information-protection/what-is-azure-rms

Regarding your question plans and GCC vs. GCCH, you'll want to think through the details, especially when you consider spills and managing data traversing environments.
Here's a great RichardWakeman article for your consideration:

The Microsoft 365 Government (GCC High) Conundrum - DIB Data Enclave vs Going All In

 https://aka.ms/AA6frar




Paul Meacham or Sergio Cossio - would you have any guidance on plans and services?



Resources